Cyberattack Defense: Staying One Step Ahead of Hackers

It's not enough to build a high wall around your systems. Hackers will eventually figure out a way to breach it, and then everything inside will be vulnerable to attack. With the rapid changes in today's Web-based environment, it's essential to move beyond passive techniques and build security into critical systems.

By Mike Dager
Jul 16, 2009 4:00 AM PT

Describing cyberterrorism as a "weapon of mass disruption," President Barack Obama released in late May the findings of a 60-day cybersecurity review. The statistics told the ugly story: Last year alone, cybercriminals stole intellectual property from businesses worldwide worth up to US$1 trillion. In the past two years alone, cybercrime has cost Americans more than $8 billion.

Hackers continue to develop sophisticated measures that utilize the Web to tamper with, infect or pirate mission-critical applications in both the private and public sectors. Emerging Web-based technologies such as cloud computing have heightened the awareness among organizations of the need for security measures to protect their valuable data assets and IP.

The industry needs software protection technology that hardens applications against attempted attacks such as reverse-engineering for IP theft or malware insertion, which can degrade the 100 percent integrity requirement of mission-critical applications.

The New Security Perimeter

Traditionally, software has either not been protected or protected only through passive techniques such as obfuscation and encryption. The problem is that these passive techniques alone fall short of providing the security needed in today's threat world. They provide a static one-time hurdle that hackers can quickly dispose of, and the protected application has no further recourse when that single defense layer is breached.

Today's Web-based environment opens new markets and opportunities, but it also enables rapid distribution of malware and compromised software. Attack tools are quickly developed and disseminated, making zero-day attacks commonplace. Companies are increasingly selling globally, with more and more business conducted electronically, placing transactions and software alike at risk.

While traditional security thinking has led many toward a focus on securing the perimeter -- such as the perimeter of the network, application or system, this approach is insufficient in today's world of distributed computing. This focus has diverted resources and attention from the real task at hand -- building defensibility into applications -- and it leaves everything inside the perimeter vulnerable to attack.

In short, enterprises deploying widely used data protection methods aimed at "defending the perimeter," are not adequate in today's distributed computing world to safeguard intellectual property, and companies must learn to adopt new strategies aimed at integrating security into the software and data assets themselves.

Seven Key Requirements for Software Protection

Successful IP protection requires several criteria to safeguard software from a multitude of threats. Among these are diversity and layers of defense, which are critical to ensuring that the protected application is not vulnerable once deployed in the market. Also critical is an intelligence component that provides real-time alerts regarding any attempts to compromise a system. The protection solution should include these elements without development overhead or heavy runtime penalty.

1. Durable. Security solutions protect by authenticating users, determining user privileges, or verifying transactions. Seasoned hackers are skilled at identifying and circumventing yes-no decision points, which constitute single points of failure. This enables creation of automated BORE (Break Once Run Everywhere) attack tools that can be rapidly disseminated via the Internet.

2. Dynamic. Code transformations such as obfuscation and encryption are static processes in which source code or binary is obscured in a deterministic fashion. The protection offered is not powerful enough for most antitamper needs. Further, the software cannot take action against tampering: The protection is passive.

3. Resilient. Protection, no matter how strong, will eventually be breached. Therefore, when applications are updated, protection schemes must also be renewed to ensure immunity against differential analysis. Additionally, the patch must be different enough from the original to ensure hackers cannot leverage experience from the earlier break. Any manual or source code-based effort is resource-intensive, yet a patch must be issued quickly to stem revenue leaks, leading to a vicious breach-patch cycle.

4. Easy to Use. Traditional software protection products do not give users precise control over the implementation of security; therefore, they do not allow users to build a solution that is tailored uniquely to their business requirements. Applications and environments have specific security requirements.

5. Proven. Any security technology enjoys a short hack-free duration when it is new on the market. However, to protect valuable applications with confidence for their entire lifetime, a technology must have been tested both by experts and by real hackers in the real world. Additionally, hacker sophistication evolves over time, and if your solution provider does not keep its technology one step ahead, your software will quickly fall victim to piracy.

6. Performance-Friendly. Some protection solutions impose large performance penalties when the protected program is running. These solutions force the developer to choose between degree of performance impact and percentage of application that is secured. This is an unacceptable trade-off.

7. Development-Friendly. Securing code manually is a costly and time-consuming process requiring highly skilled resources using an antitamper API, or working at the source code level. Further, any source code level implementation will not be reusable, and ongoing costs will therefore be high.

These key factors should be considered to provide maximum defense against cyberattacks, piracy, tampering or any type of threat, in order to keep companies one step ahead of hackers. The next time a foreign spy worms its way into your sensitive applications, here's what will happen: Your application will immediately notice the discrepancy and send rich forensics to your application firewall. Your security information and event management system will be notified in real-time, and your IT administrator will be able to respond effectively.